Introduction to Searching
You want to alter values in a game. To pursue this, we must first find the values.
When searching for values, Bit Slicer gives back variables as results.
Variables have some notable properties:
- Memory Address (where the variable is located in memory, usually represented in hexadecimal notation with a leading 0x)
- Value (eg: 5)
- Data Type (the type of variable, eg: an integer, a string or a fractional number)
- Size (the number of bytes the variable takes up in memory; this can be tied to its data type)
Say I open up my video game, and in the menu selection, it has an option for how many lives each player starts with when a match begins. It only allows me to select between 1 to 10 for this option. This is no good! I want players to start with 20 lives.
In the game, I make the option set to players starting with 5 lives.
cmd+tab out of my game to Bit Slicer, I first set the Target to be my game. I then type 5 in the Value field, choose 32-bit Integer under Data type, and choose 'equals' for the operator. I want to find all variables that are 32-bit integers whose values are equal to 5. I then begin my search.
The screenshot above shows what happened after my first search. Many variables whose values matched 5 are returned back. It turns out that many of these variables are false positives and not what I was actually looking for.
How do I find which variable is the one I'm looking for out of the thousands of results that came back to me?
- Alter the value in-game
- Search for the changed value
- Rinse and repeat
So in my game, I'm going to set the option to 1 life instead of 5. In Bit Slicer, I change the value to be searched from 5 to 1, and perform another search. I repeat this as many times as necessary until I can no longer eliminate false results.
I found the option for setting the number of lives players start with. In my case, the variable is located at 0x1A164 and it's a 32-bit integer. In this particular case, Bit Slicer is also smart enough to tag a good description to the variable. In the game, the developer named the variable gCharacterLives.
I happily double click on the variable's value and change it from 1 to 20. The value updates in-game, and I can now have players start with 20 lives. Great!
You may wonder how I knew to choose a 32-bit integer. Well, number of lives doesn't seem like something that would be stored as a floating-point or string, so I eliminated those types. As for how I knew it was 32-bits long, I took a guess. If I failed to find the value I was looking for, I would have tried searching with another data type.
Since the number of lives could fit into a 8-bit integer value (2^8 possible values) and this was a little endian search, it also would have been safe to search for a 8-bit integer and ending up getting the same memory address. For a better understanding, check Data Types.